ikev2 dpd

Use ikev2 dpd to configure global IKEv2 dead peer detection (DPD).

Use undo ikev2 dpd to disable global IKEv2 DPD.

Syntax

ikev2 dpd interval interval [ retry seconds ] { on-demand | periodic }

undo ikev2 dpd interval

Default

The global IKEv2 DPD feature is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interval interval: Specifies a DPD triggering interval in the range of 10 to 3600 seconds.

retry seconds: Specifies the DPD retry interval in the range of 2 to 60 seconds. The default is 5 seconds.

on-demand: Triggers DPD on demand. The device triggers DPD if it has IPsec traffic to send and has not received any IPsec packets from the peer for the specified interval.

periodic: Triggers DPD at regular intervals. The device triggers DPD at the specified interval.

Usage guidelines

DPD is triggered periodically or on demand. As a best practice, use the on-demand mode when the device communicates with a large number of IKEv2 peers. For earlier detection of dead peers, use the periodic triggering mode, which consumes more bandwidth and CPU.

The triggering interval must be longer than the retry interval, so that the device will not trigger a new round of DPD during a DPD retry.

You can configure IKEv2 DPD in both IKEv2 profile view and system view. If IKEv2 DPD is configured in both views, the settings in IKEv2 profile view apply. If you do not configure IKEv2 DPD in IKEv2 profile view, the IKEv2 DPD settings in system view apply.

Examples

# Configure the device to trigger IKEv2 DPD if it has IPsec traffic to send and has not received any IPsec packets from the peer for 15 seconds.

<Sysname> system-view
[Sysname] ikev2 dpd interval 15 on-demand

# Configure the device to trigger IKEv2 DPD every 15 seconds.

<Sysname> system-view
[Sysname] ikev2 dpd interval 15 periodic
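
# The following Python check is an added example, not part of the original command reference. It validates DPD lines from a saved configuration against the ranges and the interval/retry rule above, and resolves which setting applies. The names parse_dpd and effective_dpd are hypothetical, and the profile-view dpd command is assumed to take the same parameters without the ikev2 prefix.

```python
import re
from typing import NamedTuple, Optional

# Grammar from the Syntax section: interval <n> [retry <n>] {on-demand|periodic}.
# Assumption: the profile-view "dpd" command takes the same parameters
# without the "ikev2" prefix.
_DPD_RE = re.compile(
    r"^\s*(?:ikev2\s+)?dpd\s+interval\s+(\d+)(?:\s+retry\s+(\d+))?"
    r"(?:\s+(on-demand|periodic))?\s*$"
)

class Dpd(NamedTuple):
    interval: int
    retry: int
    mode: str

def parse_dpd(line: str) -> Dpd:
    """Parse one DPD line and enforce the documented limits."""
    m = _DPD_RE.match(line)
    if not m:
        raise ValueError(f"not a DPD command: {line!r}")
    interval = int(m.group(1))
    retry = int(m.group(2)) if m.group(2) else 5  # documented default
    mode = m.group(3)
    if mode is None:
        raise ValueError("mode (on-demand | periodic) is required")
    if not 10 <= interval <= 3600:
        raise ValueError(f"interval {interval} outside 10-3600 seconds")
    if not 2 <= retry <= 60:
        raise ValueError(f"retry {retry} outside 2-60 seconds")
    if interval <= retry:
        raise ValueError(f"interval {interval} must be longer than retry {retry}")
    return Dpd(interval, retry, mode)

def effective_dpd(global_line: Optional[str], profile_line: Optional[str]) -> Optional[Dpd]:
    """Profile-view settings win; otherwise fall back to system view.
    None means DPD is disabled (the documented default)."""
    chosen = profile_line or global_line
    return parse_dpd(chosen) if chosen else None

if __name__ == "__main__":
    # Constructed sample lines, not taken from a real device.
    for g, p in [("ikev2 dpd interval 15 on-demand", None),
                 ("ikev2 dpd interval 15 periodic", "dpd interval 30 retry 10 periodic"),
                 ("ikev2 dpd interval 30 retry 45 periodic", None)]:
        try:
            print(g, "|", p, "->", effective_dpd(g, p))
        except ValueError as e:
            print(g, "|", p, "-> INVALID:", e)
```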

Related commands

dpd (IKEv2 profile view)